I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Section 9, Security Considerations.

"The architecture for GMPLS controlled "transport" Ethernet assumes that the network consists of trusted devices"

I believe what is meant is

"The architecture for GMPLS controlled "transport" Ethernet assumes that the GMPLS core network consists of trusted devices".

This is fairly vague, and it would be useful to use the terms from draft-ietf-mpls-mpls-and-gmpls-security-framework-07, and say something like

"A GMPLS controlled "transport" Ethernet system should assume that users and devices attached to UNIs may behave maliciously, negligently, or incorrectly. Providers are trusted to not be malicious."

The document refers the reader to draft-ietf-mpls-mpls-and-gmpls-security-framework-07 for most security considerations, which is a fair thing to do. draft-ietf-mpls-mpls-and-gmpls-security-framework-07 recommends encryption, so I suggest adding a reference to IEEE 802.1AE Media Access Control (MAC) Security, like this:

"Cryptography can be used to protect against many attacks described in [draft-ietf-mpls-mpls-and-gmpls-security-framework-07]. One option for protecting "transport" Ethernet is the use of 802.1AE Media Access Control Security, which provides encryption and authentication."

Nit: Section 1. "SONET/SDH TDM" needs a comma

regards,
David